summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/x509/x509_vfy.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* check_cert(): be sure to reset ctx->current_crl to NULL before freeing it.miod2014-09-291-10/+5
| | | | | | | | | X509_STORE_CTX_init(): do not free the X509_STORE_CTX * parameter upon failure, for we did not allocate it and it might not come from the heap, such as in check_crl_path() in this very same file where X509_STORE_CTX_init() gets invoked with a stack address. ok bcook@
* Free sktmp when it's no longer needed. By doing so, we fix a bunch of memory ↵logan2014-07-171-2/+4
| | | | | | | | leaks. From miod@ OK from miod@ and guenther@
* jsing and I are investigating removal of all? most? 'getenv from library'deraadt2014-07-121-1/+3
| | | | | | | instances. This one for OPENSSL_ALLOW_PROXY_CERTS gets turned off first, especially since it had this special comment: /* A hack to keep people who don't want to modify their software happy */ ok beck jsing
* Principle of least surprise: make CMAC_CTX_free(), OCSP_REQ_CTX_free() andmiod2014-07-121-1/+4
| | | | | X509_STORE_CTX_free() accept NULL pointers as input without dereferencing them, like all the other well-behaved *_CTX_free() functions do.
* When looking for the issuer of a certificate, if the current candidate ismiod2014-07-111-8/+20
| | | | | | | expired or not valid yet, continue looking; only return an expired certificate if no valid certificates have been found. OpenSSL PR #3359 via OpenSSL trunk.
* Only import cryptlib.h in the four source files that actually need it.jsing2014-07-111-6/+6
| | | | | | | | Remove the openssl public includes from cryptlib.h and add a small number of includes into the source files that actually need them. While here, also sort/group/tidy the includes. ok beck@ miod@
* Explicitly include <openssl/opensslconf.h> in every file that referencesjsing2014-07-101-1/+3
| | | | | | | | | an OPENSSL_NO_* define. This avoids relying on something else pulling it in for us, plus it fixes several cases where the #ifndef OPENSSL_NO_XYZ is never going to do anything, since OPENSSL_NO_XYZ will never defined, due to the fact that opensslconf.h has not been included. This also includes some miscellaneous sorting/tidying of headers.
* Stop including standard headers via cryptlib.h - pull in the headers thatjsing2014-07-101-2/+4
| | | | | | are needed in the source files that actually require them. ok beck@ miod@
* remove unused, private version strings except SSL_version_strbcook2014-07-091-3/+1
| | | | | | Also remove unused des_ver.h, which exports some of these strings, but is not installed. ok miod@ tedu@
* wrap getenv OPENSSL_ALLOW_PROXY_CERTS in an issetugid check, to protectderaadt2014-06-201-2/+2
| | | | | setuid applications from being fooled. ok miod
* check stack push return and make some effort to clean up. ok beck miodtedu2014-06-191-2/+6
|
* tags as requested by miod and teduderaadt2014-06-121-1/+1
|
* calloc instead of malloc/memset. from Benjamin Baiertedu2014-05-251-2/+1
|
* KNF.jsing2014-04-201-418/+554
|
* blunt force knftedu2014-04-181-538/+372
|
* Change library to use intrinsic memory allocation functions instead ofbeck2014-04-171-3/+3
| | | | | | | | OPENSSL_foo wrappers. This changes: OPENSSL_malloc->malloc OPENSSL_free->free OPENSSL_relloc->realloc OPENSSL_freeFunc->free
* correct cases of code occuring directly after goto/break/returnjsg2014-04-151-1/+0
| | | | ok miod@ guenther@
* Merge conflicts; remove MacOS, Netware, OS/2, VMS and Windows build machinery.miod2014-04-131-5/+15
|
* resolve conflictsdjm2012-10-131-5/+0
|
* OpenSSL 1.0.0f: mergedjm2012-01-051-1/+1
|
* openssl-1.0.0e: resolve conflictsdjm2011-11-031-1/+5
|
* resolve conflicts, fix local changesdjm2010-10-011-144/+807
|
* update to openssl-0.9.8i; tested by several, especially krw@djm2009-01-051-4/+8
|
* resolve conflictsdjm2008-09-061-133/+348
|
* resolve conflictsdjm2006-06-271-1/+1
|
* resolve conflictsdjm2005-04-291-13/+118
|
* update missing pieces from 0.9.7d; ok henningmarkus2004-04-251-7/+48
| | | | crank minor for API extensions
* backout for nowmarkus2004-04-081-48/+7
|
* merge 0.9.7dmarkus2004-04-081-7/+48
|
* merge 0.9.7c; minor bugsfixes;markus2003-11-111-2/+2
| | | | | API addition: ERR_release_err_state_table [make includes before you build libssl/libcrypto]
* security fix from http://www.openssl.org/news/secadv_20030930.txtmarkus2003-09-301-1/+1
| | | | see also http://cvs.openssl.org/chngview?cn=11471
* merge 0.9.7b with local changes; crank majors for libssl/libcryptomarkus2003-05-121-1/+1
|
* OpenSSL 0.9.7 stable 2002 05 08 mergebeck2002-05-151-40/+307
|
* openssl-engine-0.9.6 mergebeck2000-12-151-193/+298
|
* OpenSSL 0.9.5a mergebeck2000-04-151-6/+16
|
* OpenSSL 0.9.5 mergebeck2000-03-191-20/+186
| | | | | | *warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2 if you are using the ssl26 packages for ssh and other things to work you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
* OpenSSL 0.9.4 mergebeck1999-09-291-143/+78
|
* Import of SSLeay-0.9.0b with RSA and IDEA stubbed + OpenBSD buildryker1998-10-051-0/+704
functionality for shared libs. Note that routines such as sslv2_init and friends that use RSA will not work due to lack of RSA in this library. Needs documentation and help from ports for easy upgrade to full functionality where legally possible.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-31 14:56:10 +0000